Making Risky Business Less Risky

John F. Gravel

Business is risky. Large scale, complex projects can come with inherent risks such as fluctuations in material and labor costs, design errors or omissions, and poor sub-contractor performance.

Project risk management is the systematic process of identifying, analyzing, assessing, and developing actions to reduce the impact of potential risks. This helps to forecast cost, and schedule, as well as safety and environmental targets. Risk management is a crucial part of project management and control plan for capital projects.

Unlike financial and enterprise risk management, or insurance and underwriting, the primary focus is to identify actions to prevent or mitigate risk and thereby lessen negative impacts. It is a systematic process of unearthing potential issues and setting game plans by asking three essential questions:

What could go wrong?

How much could it go wrong?

What can we do to stop it?

The Risky

This is simple in theory, yet complex in execution. The larger the project, both in spend and time, the more risk there is to be evaluated. Here are just a few examples:

Qualitative Risk Assessment: Focuses on event-driven risks and developing management plans such as:

  • Late vendor delivery on crucial equipment, affecting project timelines
  • Critical equipment does not meet quality/design requirements
  • Construction permits not received when required
  • Geotechnical conditions different than previously investigated
  • Adverse weather conditions beyond what was allowed for in the estimate/schedule
  • Contractor underperformance or lack of productivity
  • Engineering underperformance or lack of productivity
  • Community protests the project and limits access to the site
  • Incorrect assumptions based on schedule or estimate

Quantitative Risk Analysis: Models uncertainty in cost and schedule estimates to develop or validate contingency and float.

  • Raw material market price adjustments
  • Interest rate fluctuations
  • Exchange rate fluctuations
  • Changes to import duty rates

The Process

Uncertainties, if left unmanaged, may derail projects, and prevent you from achieving the promised outcome. Identifying, evaluating, and prioritizing these risks allow you to reduce their negative impacts and increase your likelihood of reaching project objectives. A methodical approach across the entire value chain ensures a thorough analysis and action plan.


Risk Assessment identifies potential risks across project disciplines: engineering, supply chain, construction, environmental, safety, permitting, social/community, tailings/waste, water management, etc.


Describes and analyzes risks and assigns primary and secondary characteristics: the probability of occurrence, potential consequences, background knowledge, confidence or uncertainty in assessments, urgency, controllability, etc.


Uses the primary and secondary characteristics to identify priority risks that should be the focus of detailed risk assessments.

Detailed Assessment

Assessing each risk through the use of the risk bow-tie assessment tool. The tool looks at a risk event, the causes, proactive and reactive controls, impacts, and outcomes as well as the effectiveness of the controls.

Develop Response Plans

All the potential controls, actions, and indicators are identified in the detailed assessment, and a potential risk response plan is developed for each risk.

The Output

The final output of the risk assessment process is a list of tools, deliverables, action items, and work plans. The ultimate “what to do” if the “what ifs” become “what now?”

Risk Workshop Report: A detailed report that summarizes the initial project risk assessment workshop, including risk register, risk datasheets, and work plans, and all supporting material, as well as crucial points of discussion from the workshop.

Risk Register: A detailed list of all potential risks, including a description of the risk and it’s primary and secondary characteristics.

Risk Datasheets/Workplans: Detailed risk assessment datasheets and work plans for each high-priority risk.

Ongoing Risk Management Process/Plans: Development of an ongoing risk management framework to regularly revisit the risk register and perform short and focused project risk assessment meetings to identify new risks and update the characteristics for each risk throughout the project lifecycle.


Risk assessment is a simple, low-cost method that sets a standard for evaluating risk and improves communication across teams. It clarifies priorities and provides a more realistic, and reasonable risk-adjusted plan, and ultimately increases the likelihood of achieving objectives. Think of a risk assessment process as a low-cost insurance plan.

Risk assessment is a vital part of project delivery, proactively doing all that can be done to foresee and to plan for. The Process, however, is only as good as it’s people. Leaders must drive for the thoroughness of thought, strive to see the unforeseeable, and to plan for failure, so that you may ultimately find success.